Binance has been the victim of a sophisticated attack, with 7,000 BTC stolen from their hot wallet by hackers that gained access to user accounts through phishing, viruses and other malware.
This week, Binance reportedly suffered a major and calculated hack which was carried out via phishing and viruses which allowed the hackers to get hold of a large number of 2FA codes and API keys.
Binance’s CEO, Changpeng Zhao, said that there were no illicit withdrawals detected by the system, but they were able to cover the loss by using the SAFU fund. SAFU stands for Secure Asset Fund for Users, and is a fund a launched by Binance in July last year in which 10% of trading fees are allocated.
In the hack 7,000 bitcoin (BTC) — worth around $40.7 million at the time — were withdrawn by the attackers from the exchange’s hot wallets, in a transaction was unnoticed by the exchange’s security systems.
Changpeng Zhao has addressed the community’s concerns over yesterday’s hack in his live AMA on Twitter.
The CEO stated that the actual number of stolen bitcoins was of 7.070 and that the hackers were “advanced, persistent and patient” and waiting to gather a significant quantity of stolen account data before implementing their attack.
After the incident, CZ said that the company will execute a thorough security investigation and that deposits and withdrawals will be halted during this time.
“We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress. Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time… We will continue to enable trading, so that you may adjust your positions if you wish.”
In the AMA and a subsequent tweet, the CEO publicized that the exchange has considered but ultimately decided not to go through with a blockchain re-org approach. A re-org approach is when miners are incentivized to form a consensus to hold 51% of the network’s hashing power to reorganize the transaction fees of the blockchain.
This centralized approach to minimize the damage of the was heavily criticized by community members. Binance decided not to implement this idea as it can harm bitcoin’s credibility and generate “a split in both the bitcoin network and community.”
CZ also thanked community members supports, including Justin Sun, Coinbase, QKC, and other important names from the industry— with Sun personally offering to deposit the 7,000 BTC to cover Binance’s loss.
But the CEO passed this generous offer, stating that said the exchange enough funds in SAFU to cover the hack.
CZ also urged users to reset their 2FAs and that for those that use API to change their keys to make their accounts safer.
This recent hack is just one of the recent wave of hacks that have targeted crypto exchanges this year, with Cryptopia, CoinBene, Bithumb, and DragonEx also being victims. Currently, Binance is the fifth largest exchanges according to trading volume, with a 6.89% decrease in its daily volume.